Browse Definitions :
Definition

island hopping attack

An island hopping attack is a hacking campaign in which threat actors target an organization's more vulnerable third-party partners to undermine the target company's cybersecurity defenses and gain access to their network. A threat actor is an entity that is partially or completely responsible for an incident that affects -- or has the potential to affect -- an organization's security system.

Threat actors targeting large organizations -- even ones with effective cybersecurity defenses -- will go to any length to get in. If the targeted organization has strong cybersecurity practices, then attackers will utilize island hopping attacks and exploit the business's intermediaries to penetrate the original organization's secure systems.

Island hopping attacks have become increasingly popular. Threat actors are using the technique to compromise network systems between multiple companies and steal their digital assets. The industries most affected by island hopping attacks include finance, healthcare, manufacturing and retail.

Island hopping cyberattacks and third-party access

The term island hopping comes from the military strategy employed by the Allies in the Pacific theater against the Axis powers during World War II. The strategy involved having the Allies take over an island and use it as a launching point for the attack and takeover of another island. The mission was first put into motion in August 1942 in Guadalcanal in the Solomon Islands.

In cybersecurity, island hopping attackers target customers and smaller companies that work with the victim organization, assuming that these more minor entities' cyberdefense systems are not as extensive as the ultimate target.

Similarly, if an organization is known to order food from the same website, threat actors may stage a watering hole attack, where they target that site -- knowing that members of the organization visit it -- as a way to gain access to the company's network.

How do they work?

Island hopping attacks often begin through phishing, where the attackers disguise themselves as a reputable entity in an email or other communication channel. Trusted brands -- such as Facebook and Apple support -- are often used in phishing attacks as a first step.

Another common method is known as network-based island hopping, in which attackers infiltrate one network and use it to hop onto an affiliate network. For example, attackers will target an organization's managed security service provider (MSSP) to move through their network connections.

In another technique known as a reverse business email compromise, attackers take over the mail server of their victim company and use Fileless malware attacks from there. Fileless malware attacks use applications that are already installed and thought to be safe. As such, fileless malware attacks do not need to install malicious software or files to initiate an attack. Reverse business email compromise attacks often target the financial sector.

Why do attackers use island hopping attacks?

Primary motivations for island hopping attacks include criminal activities, such as ransomware attacks and cryptojacking. For example, in 2013, hackers targeted the heating, ventilation and air conditioning (HVAC) service partner of retail giant Target. Target suffered a massive security breach in which the payment data of more than 40 million customers was stolen.

As was the case with Target, attackers take advantage of smaller partner companies because they typically cannot afford the same level of cybersecurity as the bigger organizations. Moreover, because the smaller systems are already trusted by the larger company, they are less likely to be noticed when compromised, making it easier for the attack to spread to the organization's network.

Island hopping defense strategies

Island hopping defense strategies include the following:

  • Assess third-party risks.
  • Create an incident response plan and a team that is funded and has the right tools to defend the network.
  • Require that suppliers use the same preferred MSSP and technology stack as the organization.
  • Have an incident response third party on retainer.
  • Use correct network segmentationso contractors don't get access to all of the servers, just the server they need to work on.
  • Use multifactor authentication (MFA).
  • Focus on lateral movement -- in which attackers move through a network, searching for key assets and data -- and credential theft.

How rampant are island hopping cyberattacks?

According to the VMware cybersecurity company Carbon Black's November 2019 Global Incident Response Threat Report, island hopping accounts for 41% of total cyberattacks -- up 5% since the first half of 2019. Lateral movement is steady at 67% of attacks -- well above 2018 averages. In the same report, Carbon Black found that attackers are selling island hopping access to compromised systems, often without the target realizing they are exposed.

Custom malware was used in 41% of attacks -- up from 33% in the first quarter of 2019, according to the report. Attacks are rising quickly because people who build custom attack code sell it on the dark web. Once it is used, the coder, as well as the purchaser, can attack the targeted company.

How to respond to an island hopping cyberattack

Organizations that have become victims of island hopping attacks should respond by doing the following:

  1. Look at logs from the affected systems for visibility. Identify what access was gained. Once an attacker gains an initial foothold, that access can be used to eventually gain full access to the enterprise through other attacks, such as a watering hole attack.
  2. Assess the scope of the attack and what assets were taken.
  3. Monitor new accounts or changes to systems to help identify when an account has been compromised and to thwart future island hopping attacks. Be sure to include trusted third parties that have access to the enterprise network or to cloud services. Also, include the service provider so it can check its logs and systems.
This was last updated in March 2020

Continue Reading About island hopping attack

Networking
  • SD-WAN security

    SD-WAN security refers to the practices, protocols and technologies protecting data and resources transmitted across ...

  • net neutrality

    Net neutrality is the concept of an open, equal internet for everyone, regardless of content consumed or the device, application ...

  • network scanning

    Network scanning is a procedure for identifying active devices on a network by employing a feature or features in the network ...

Security
  • cloud penetration testing

    Cloud penetration testing is a tactic an organization uses to assess its cloud security effectiveness by attempting to evade its ...

  • cloud workload protection platform (CWPP)

    A cloud workload protection platform (CWPP) is a security tool designed to protect workloads that run on premises, in the cloud ...

  • out-of-band authentication

    Out-of-band authentication is a type of two-factor authentication (2FA) that requires a secondary verification method through a ...

CIO
  • strategic management

    Strategic management is the ongoing planning, monitoring, analysis and assessment of all necessities an organization needs to ...

  • IT budget

    IT budget is the amount of money spent on an organization's information technology systems and services. It includes compensation...

  • project scope

    Project scope is the part of project planning that involves determining and documenting a list of specific project goals, ...

HRSoftware
  • director of employee engagement

    Director of employee engagement is one of the job titles for a human resources (HR) manager who is responsible for an ...

  • digital HR

    Digital HR is the digital transformation of HR services and processes through the use of social, mobile, analytics and cloud (...

  • employee onboarding and offboarding

    Employee onboarding involves all the steps needed to get a new employee successfully deployed and productive, while offboarding ...

Customer Experience
  • chatbot

    A chatbot is a software or computer program that simulates human conversation or "chatter" through text or voice interactions.

  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

Close